Add storage for remote LSKF verification session

package com.android.server.locksettings.recoverablekeystore.storage;

import android.annotation.Nullable;

import android.os.SystemClock;

import android.text.format.DateUtils;

import android.util.Log;

import android.util.SparseArray;

import com.android.internal.annotations.VisibleForTesting;

import com.android.server.locksettings.recoverablekeystore.SecureBox;

import java.security.KeyPair;

import java.security.NoSuchAlgorithmException;

import java.util.ArrayList;

/**

 * Memory based storage for keyPair used to send encrypted credentials from a remote device.

 */

public class RemoteLockscreenValidationSessionStorage {

    private final SparseArray<LockScreenVerificationSession> mSessionsByUserId =

            new SparseArray<>();

    private static final long SESSION_TIMEOUT_MILLIS = 10L * DateUtils.MINUTE_IN_MILLIS;

    private static final String TAG = "RemoteLockscreenValidation";

    @VisibleForTesting

    final SparseArray<LockscreenVerificationSession> mSessionsByUserId =

            new SparseArray<>(0);

    /**

     * Returns session for given user or null.

     * @hide

     */

    @Nullable

    public LockScreenVerificationSession get(int userId) {

    public LockscreenVerificationSession get(int userId) {

        synchronized (mSessionsByUserId) {

            return mSessionsByUserId.get(userId);

        }

    }

    /**

     * Creates a new session to verify lockscreen credentials guess.

     * Creates a new session to verify credentials guess.

     *

     * Session will be automatically removed after 10 minutes of inactivity.

     * @param userId The user id

     *

     * @hide

     */

    public LockScreenVerificationSession startSession(int userId) {

    public LockscreenVerificationSession startSession(int userId) {

        synchronized (mSessionsByUserId) {

            if (mSessionsByUserId.get(userId) != null) {

            mSessionsByUserId.remove(userId);

                mSessionsByUserId.delete(userId);

            }

            KeyPair newKeyPair;

            try {

                newKeyPair = SecureBox.genKeyPair();

            } catch (NoSuchAlgorithmException e) {

                // impossible

                throw new RuntimeException(e);

            }

        LockScreenVerificationSession newSession = null;

        // TODO(b/254335492): Schedule a task to remove session.

            LockscreenVerificationSession newSession =

                    new LockscreenVerificationSession(newKeyPair, SystemClock.elapsedRealtime());

            mSessionsByUserId.put(userId, newSession);

            return newSession;

        }

    }

    /**

     * Deletes session for a user.

     */

    public void remove(int userId) {

        mSessionsByUserId.remove(userId);

    public void finishSession(int userId) {

        synchronized (mSessionsByUserId) {

            mSessionsByUserId.delete(userId);

        }

    }

    /**

     * Holder for keypair used by remote lock screen validation.

     * Creates a task which deletes expired sessions.

     */

    public Runnable getLockscreenValidationCleanupTask() {

        return new LockscreenValidationCleanupTask();

    }

    /**

     * Holder for KeyPair used by remote lock screen validation.

     *

     * @hide

     */

    public static class LockScreenVerificationSession {

    public class LockscreenVerificationSession {

        private final KeyPair mKeyPair;

        private final long mSessionStartTimeMillis;

        private final long mElapsedStartTime;

        /**

         * @hide

         */

        public LockScreenVerificationSession(KeyPair keyPair, long sessionStartTimeMillis) {

        LockscreenVerificationSession(KeyPair keyPair, long elapsedStartTime) {

            mKeyPair = keyPair;

            mSessionStartTimeMillis = sessionStartTimeMillis;

            mElapsedStartTime = elapsedStartTime;

        }

        /**

         * Returns SecureBox key pair.

         */

        public KeyPair getKeyPair() {

            return mKeyPair;

        }

        /**

         * Time when the session started.

         */

        private long getElapsedStartTimeMillis() {

            return mElapsedStartTime;

        }

    }

    private class LockscreenValidationCleanupTask implements Runnable {

        @Override

        public void run() {

            try {

                synchronized (mSessionsByUserId) {

                    ArrayList<Integer> keysToRemove = new ArrayList<>();

                    for (int i = 0; i < mSessionsByUserId.size(); i++) {

                        long now = SystemClock.elapsedRealtime();

                        long startTime = mSessionsByUserId.valueAt(i).getElapsedStartTimeMillis();

                        if (now - startTime > SESSION_TIMEOUT_MILLIS) {

                            int userId = mSessionsByUserId.keyAt(i);

                            keysToRemove.add(userId);

                        }

                    }

                    for (Integer userId : keysToRemove) {

                        mSessionsByUserId.delete(userId);

                    }

                }

            } catch (Exception e) {

                Log.e(TAG, "Unexpected exception thrown during LockscreenValidationCleanupTask", e);

            }

        }

    }

}

/*

 * Copyright (C) 2023 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package com.android.server.locksettings.recoverablekeystore.storage;

import static com.google.common.truth.Truth.assertThat;

import android.os.SystemClock;

import androidx.test.filters.SmallTest;

import androidx.test.runner.AndroidJUnit4;

import com.android.server.locksettings.recoverablekeystore.SecureBox;

import org.junit.Before;

import org.junit.Test;

import org.junit.runner.RunWith;

@SmallTest

@RunWith(AndroidJUnit4.class)

public class RemoteLockscreenValidationSessionStorageTest {

    private static final int USER_ID = 0;

    private static final int USER_ID_2 = 2;

    RemoteLockscreenValidationSessionStorage mStorage;

    @Before

    public void setUp() {

        mStorage = new RemoteLockscreenValidationSessionStorage();

    }

    @Test

    public void get_noStoredSessions_returnsNull() {

        assertThat(mStorage.get(USER_ID)).isNull();

    }

    @Test

    public void startSession() {

        mStorage.startSession(USER_ID);

        assertThat(mStorage.get(USER_ID)).isNotNull();

        assertThat(mStorage.get(USER_ID_2)).isNull();

    }

    @Test

    public void finishSession_removesSessionFromStorage() {

        mStorage.startSession(USER_ID);

        mStorage.finishSession(USER_ID);

        assertThat(mStorage.get(USER_ID)).isNull();

    }

    @Test

    public void getLockscreenValidationCleanupTask() throws Exception {

        long time11MinutesAgo = SystemClock.elapsedRealtime() - 11 * 60 * 1000;

        long time2MinutesAgo = SystemClock.elapsedRealtime() - 2 * 60 * 1000;

        mStorage.mSessionsByUserId.put(

                USER_ID, mStorage.new LockscreenVerificationSession(

                SecureBox.genKeyPair(), time11MinutesAgo));

        mStorage.mSessionsByUserId.put(

                USER_ID_2, mStorage.new LockscreenVerificationSession(

                SecureBox.genKeyPair(), time2MinutesAgo));

        mStorage.getLockscreenValidationCleanupTask().run();

        assertThat(mStorage.get(USER_ID)).isNull();

        assertThat(mStorage.get(USER_ID_2)).isNotNull();

    }

}